ART世界探险(9) - 同步锁

简介: synchronized关键字所对应的指令和实现

ART世界探险(9) - 同步锁

Java是一种把同步锁写进语言和指令集的语言。
从语言层面,Java提供了synchronized关键字。
从指令集层面,Java提供了monitorenter和monitorexit两条指令。

下面我们就看看它们是如何实现的吧。

三种锁的方式

Java代码

有三种方式来加锁:

  • 直接在函数上加synchronized关键字
  • 在函数内用某Object去做同步
  • 调用concurrent库中的其他工具
    public synchronized int newID(){
        return mID++;
    }

    public int newID2(){
        synchronized (mObj){
            mID++;
        }
        return mID;
    }

    public int newID3(){
        Lock lock = new ReentrantLock();
        try{
            lock.lock();
            mID++;
        }finally {
            lock.unlock();
        }
        return mID++;
    }

Class字节码

第1个由于是加在函数上的属性,所以对字节码没有造成任何影响。

  public synchronized int newID();
    Code:
       0: aload_0
       1: dup
       2: getfield      #2                  // Field mID:I
       5: dup_x1
       6: iconst_1
       7: iadd
       8: putfield      #2                  // Field mID:I
      11: ireturn

第二个,就会生成对应的monitorenter和monitorexit指令。

  public int newID2();
    Code:
       0: aload_0
       1: getfield      #4                  // Field mObj:Ljava/lang/Object;
       4: dup
       5: astore_1
       6: monitorenter
       7: aload_0
       8: dup
       9: getfield      #2                  // Field mID:I
      12: iconst_1
      13: iadd
      14: putfield      #2                  // Field mID:I
      17: aload_1
      18: monitorexit
      19: goto          27
      22: astore_2
      23: aload_1
      24: monitorexit
      25: aload_2
      26: athrow
      27: aload_0
      28: getfield      #2                  // Field mID:I
      31: ireturn
    Exception table:
       from    to  target type
           7    19    22   any
          22    25    22   any

第三个,由于是新的工具,从指令集上是得不到支持的。
顺带我们讲一下try和finally,末尾有一个异常表,从第8号到24号指令是其范围,出现异常会跳到33语句处。

  public int newID3();
    Code:
       0: new           #7                  // class java/util/concurrent/locks/ReentrantLock
       3: dup
       4: invokespecial #8                  // Method java/util/concurrent/locks/ReentrantLock."<init>":()V
       7: astore_1
       8: aload_1
       9: invokeinterface #9,  1            // InterfaceMethod java/util/concurrent/locks/Lock.lock:()V
      14: aload_0
      15: dup
      16: getfield      #2                  // Field mID:I
      19: iconst_1
      20: iadd
      21: putfield      #2                  // Field mID:I
      24: aload_1
      25: invokeinterface #10,  1           // InterfaceMethod java/util/concurrent/locks/Lock.unlock:()V
      30: goto          42
      33: astore_2
      34: aload_1
      35: invokeinterface #10,  1           // InterfaceMethod java/util/concurrent/locks/Lock.unlock:()V
      40: aload_2
      41: athrow
      42: aload_0
      43: dup
      44: getfield      #2                  // Field mID:I
      47: dup_x1
      48: iconst_1
      49: iadd
      50: putfield      #2                  // Field mID:I
      53: ireturn
    Exception table:
       from    to  target type
           8    24    33   any

Dalvik代码

我们首先看看第一个,翻译成Dalvik指令后发生了变化,增加了monitor-enter和monitor-exit指令来包围这个方法。
从中可以看到,即使发生了exception,也是能正常走到monitor-exit的。

    #2              : (in Lcom/yunos/xulun/testcppjni2/SampleClass;)
      name          : 'newID'
      type          : '()I'
      access        : 0x20001 (PUBLIC DECLARED_SYNCHRONIZED)
      code          -
      registers     : 3
      ins           : 1
      outs          : 0
      insns size    : 12 16-bit code units
1328c4:                                        |[1328c4] com.yunos.xulun.testcppjni2.SampleClass.newID:()I
1328d4: 1d02                                   |0000: monitor-enter v2
1328d6: 5220 7a1d                              |0001: iget v0, v2, Lcom/yunos/xulun/testcppjni2/SampleClass;.mID:I // field@1d7a
1328da: d801 0001                              |0003: add-int/lit8 v1, v0, #int 1 // #01
1328de: 5921 7a1d                              |0005: iput v1, v2, Lcom/yunos/xulun/testcppjni2/SampleClass;.mID:I // field@1d7a
1328e2: 1e02                                   |0007: monitor-exit v2
1328e4: 0f00                                   |0008: return v0
1328e6: 0d00                                   |0009: move-exception v0
1328e8: 1e02                                   |000a: monitor-exit v2
1328ea: 2700                                   |000b: throw v0

第二个:
这是我们手工加的,除了用Object之外,跟上一个已经区别不大了。

    #3              : (in Lcom/yunos/xulun/testcppjni2/SampleClass;)
      name          : 'newID2'
      type          : '()I'
      access        : 0x0001 (PUBLIC)
      code          -
      registers     : 3
      ins           : 1
      outs          : 0
      insns size    : 16 16-bit code units
1328f8:                                        |[1328f8] com.yunos.xulun.testcppjni2.SampleClass.newID2:()I
132908: 5421 7b1d                              |0000: iget-object v1, v2, Lcom/yunos/xulun/testcppjni2/SampleClass;.mObj:Ljava/lang/Object; // field@1d7b
13290c: 1d01                                   |0002: monitor-enter v1
13290e: 5220 7a1d                              |0003: iget v0, v2, Lcom/yunos/xulun/testcppjni2/SampleClass;.mID:I // field@1d7a
132912: d800 0001                              |0005: add-int/lit8 v0, v0, #int 1 // #01
132916: 5920 7a1d                              |0007: iput v0, v2, Lcom/yunos/xulun/testcppjni2/SampleClass;.mID:I // field@1d7a
13291a: 1e01                                   |0009: monitor-exit v1
13291c: 5220 7a1d                              |000a: iget v0, v2, Lcom/yunos/xulun/testcppjni2/SampleClass;.mID:I // field@1d7a
132920: 0f00                                   |000c: return v0
132922: 0d00                                   |000d: move-exception v0
132924: 1e01                                   |000e: monitor-exit v1
132926: 2700                                   |000f: throw v0
      catches       : 2
        0x0003 - 0x000a
          <any> -> 0x000d
        0x000e - 0x000f
          <any> -> 0x000d
      positions     : 
        0x0000 line=27
        0x0003 line=28
        0x0009 line=29
        0x000a line=30
        0x000d line=29
      locals        : 
        0x0000 - 0x0010 reg=2 this Lcom/yunos/xulun/testcppjni2/SampleClass; 

第三个就像普通函数调用,就不多说了。

OAT的生成代码

因为前两个结构非常相似,到OAT这一级,我们就只分析第一个。

  3: int com.yunos.xulun.testcppjni2.SampleClass.newID() (dex_method_idx=16780)
    DEX CODE:
      0x0000: 1d02                         | monitor-enter v2
      0x0001: 5220 7a1d                    | iget v0, v2, I com.yunos.xulun.testcppjni2.SampleClass.mID // field@7546
      0x0003: d801 0001                    | add-int/lit8 v1, v0, #+1
      0x0005: 5921 7a1d                    | iput v1, v2, I com.yunos.xulun.testcppjni2.SampleClass.mID // field@7546
      0x0007: 1e02                         | monitor-exit v2
      0x0008: 0f00                         | return v0
      0x0009: 0d00                         | move-exception v0
      0x000a: 1e02                         | monitor-exit v2
      0x000b: 2700                         | throw v0
    OatMethodOffsets (offset=0x00277794)
      code_offset: 0x0066275c 
      gc_map: (offset=0x002ce242)
    OatQuickMethodHeader (offset=0x00662740)
      mapping_table: (offset=0x0030855a)
      vmap_table: (offset=0x0030df6a)
      v65535/r30
    QuickMethodFrameInfo
      frame_size_in_bytes: 32
      core_spill_mask: 0x40000000 (r30)
      fp_spill_mask: 0x00000000 
      vr_stack_locations:
          locals: v0[sp + #12] v1[sp + #16]
          ins: v2[sp + #40]
          method*: v3[sp + #0]
    CODE: (code_offset=0x0066275c size_offset=0x00662758 size=168)...
      0x0066275c: d1400bf0    sub x16, sp, #0x2000 (8192)
      0x00662760: b940021f    ldr wzr, [x16]
      suspend point dex PC: 0x0000
      GC map objects:  v2 ([sp + #40])

前面还是不变的判suspend.
w1存的是当年的对象,存到sp+40,这个下面就当成锁对象用。

      0x00662764: f81e0fe0    str x0, [sp, #-32]!
      0x00662768: f9000ffe    str lr, [sp, #24]
      0x0066276c: b9002be1    str w1, [sp, #40]
      0x00662770: 79400250    ldrh w16, [tr](state_and_flags)
      0x00662774: 35000430    cbnz w16, #+0x84 (addr 0x6627f8)

把刚从sp+40的当前对象取出来到w0。
然后调用pLockObject过程去加锁。

      0x00662778: b9402be0    ldr w0, [sp, #40]
      0x0066277c: f9419e5e    ldr lr, [tr, #824](pLockObject)
      0x00662780: d63f03c0    blr lr
      suspend point dex PC: 0x0000
      GC map objects:  v2 ([sp + #40])

w0的引用对象再读回来。
sp+12是域变量mID,读取寄存器w1
然后再存回去,再读到w0中,因为下一个加法要在w0中算。

      0x00662784: b9402be0    ldr w0, [sp, #40]
      0x00662788: b940001f    ldr wzr, [x0]
      suspend point dex PC: 0x0001
      GC map objects:  v2 ([sp + #40])
      0x0066278c: b9400c01    ldr w1, [x0, #12]
      suspend point dex PC: 0x0001
      GC map objects:  v2 ([sp + #40])
      0x00662790: b9000fe1    str w1, [sp, #12]
      0x00662794: b9400fe0    ldr w0, [sp, #12]

计算mID++,存到sp+16中。
再把对象从sp+40再读出来,再找到mID,存回去到sp+12.

      0x00662798: 11000401    add w1, w0, #0x1 (1)
      0x0066279c: b90013e1    str w1, [sp, #16]
      0x006627a0: b9402be0    ldr w0, [sp, #40]
      0x006627a4: b940001f    ldr wzr, [x0]
      suspend point dex PC: 0x0005
      GC map objects:  v2 ([sp + #40])
      0x006627a8: b9000be0    str w0, [sp, #8]
      0x006627ac: b9400be0    ldr w0, [sp, #8]
      0x006627b0: b94013e1    ldr w1, [sp, #16]
      0x006627b4: b9000c01    str w1, [x0, #12]

解锁,从sp+40把对象引用再读出来,用这个对象做参数调pUnlockObject.

      0x006627b8: b9402be0    ldr w0, [sp, #40]
      0x006627bc: f941a25e    ldr lr, [tr, #832](pUnlockObject)
      0x006627c0: d63f03c0    blr lr
      suspend point dex PC: 0x0007
      GC map objects:  v2 ([sp + #40])

sp+12记得是mID变量哈,读到w0,准备返回,恢复LR,清理栈,返回。

      0x006627c4: b9400fe0    ldr w0, [sp, #12]
      0x006627c8: f9400ffe    ldr lr, [sp, #24]
      0x006627cc: 910083ff    add sp, sp, #0x20 (32)
      0x006627d0: d65f03c0    ret

下面是exception情况下的解锁,将exception的值存在sp+12中。
从sp+40读对象引用,用它去pUnlockObject解锁。

      catch entry dex PC: 0x0009
      0x006627d4: b9408a40    ldr w0, [tr, #136](exception)
      0x006627d8: b9008a5f    str wzr, [tr, #136](exception)
      0x006627dc: b9000fe0    str w0, [sp, #12]
      0x006627e0: b9402be0    ldr w0, [sp, #40]
      0x006627e4: f941a25e    ldr lr, [tr, #832](pUnlockObject)
      0x006627e8: d63f03c0    blr lr
      suspend point dex PC: 0x000a
      GC map objects:  v0 ([sp + #12]), v2 ([sp + #40])

解了锁之后,再把刚才暂存在sp+12的exception,调用pDeliverException抛出去。

      0x006627ec: b9400fe0    ldr w0, [sp, #12]
      0x006627f0: f942225e    ldr lr, [tr, #1088](pDeliverException)
      0x006627f4: d63f03c0    blr lr
      suspend point dex PC: 0x000b
      GC map objects:  v0 ([sp + #12]), v2 ([sp + #40])

最后还是pTestSuspend。

      0x006627f8: f9421e5e    ldr lr, [tr, #1080](pTestSuspend)
      0x006627fc: d63f03c0    blr lr
      suspend point dex PC: 0x0000
      GC map objects:  v2 ([sp + #40])
      0x00662800: 17ffffde    b #-0x88 (addr 0x662778)
目录
相关文章
|
数据安全/隐私保护